Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aci_rest: change not detected (DCNE-88) #28

Open
aciguru opened this issue Apr 14, 2020 · 2 comments
Open

aci_rest: change not detected (DCNE-88) #28

aciguru opened this issue Apr 14, 2020 · 2 comments
Assignees
@akinross
Labels
bug Something isn't working jira-sync Sync this issue to Jira

Comments

@aciguru
Copy link
Contributor

aciguru commented Apr 14, 2020

ISSUE TYPE
Bug Report
maybe Enhancement request?

COMPONENT NAME
aci_rest

ANSIBLE VERSION

ansible 2.4.2.0
  config file = None
  configured module search path = [u'/home/dhamann/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]

CONFIGURATION
DEFAULT_DEBUG(env: ANSIBLE_DEBUG) = False
DEFAULT_STRATEGY(env: ANSIBLE_STRATEGY) = linear

OS / ENVIRONMENT
N/A

SUMMARY
aci_rest module does not always detect changed config, but reports it as unchanged ("ok:")

STEPS TO REPRODUCE
Depending on how you push the config to APIC the aci_rest module detects it as changed or not:

This example will always report as unchanged:

- name: Create CDP Policies
      tags:
        - create
        - network
      aci_rest:
        host: "{{ apic_hostname }}"
        username: "{{ apic_username }}"
        password: "{{ apic_password }}"
        validate_certs: false
        method: post
        path: "api/node/mo/uni/infra.xml?rsp-subtree=modified"
        content: |
          <infraInfra>
            <cdpIfPol adminSt="{{item.state}}"  name="{{item.name}}" descr="CDP set to {{item.state}}"/>
          </infraInfra>
      with_items:
        - "{{cdp_policies}}"

This playbook works as expected ("ok:" if nothing has changed and "changed:" otherwise)

- name: Create CDP Policies
      tags:
        - create
        - network
      aci_rest:
        host: "{{ apic_hostname }}"
        username: "{{ apic_username }}"
        password: "{{ apic_password }}"
        validate_certs: false
        method: post
        path: "api/node/mo/uni/infra/.xml?rsp-subtree=modified"
        content: |
            <cdpIfPol adminSt="{{item.state}}"  name="{{item.name}}" descr="CDP set to {{item.state}}"/>
      with_items:
        - "{{cdp_policies}}"

Note the difference in path: parameter (infra.xml vs. infra/.xml) as well as adjusted content.

EXPECTED RESULTS
In both cases changes to actual APIC config should result in "changed:" status

ACTUAL RESULTS
The reason why the first playbook does not behave as expected is that APIC does not populate the "status=" parameter as expected by the aci_rest module (it will only report change if this parameter is set to either of 'created', 'modified', 'deleted')
(see https://github.com/datacenter/aci-ansible/blob/e87db8f15e34ea7dc2e1b30fd445a4c59561bbc9/library/aci_rest.py#L270-L284)

ok: [localhost] => (item={u'state': u'enabled', u'name': u'cdp_on2'}) => {
    "changed": false, 
    "error_code": 0, 
    "error_text": "Success", 
    "imdata": [
        {
            "infraInfra": {
                "attributes": {
                    "childAction": "deleteNonPresent", 
                    "dn": "uni/infra", 
                    "lcOwn": "local", 
                    "modTs": "2017-08-17T01:40:52.471+01:00", 
                    "monPolDn": "uni/fabric/monfab-default", 
                    "name": "infra", 
                    "nameAlias": "", 
                    "ownerKey": "", 
                    "ownerTag": "", 
                    "rn": "", 
                    "status": "", 
                    "uid": "0"
                }, 
                "children": [
                    {
                        "cdpIfPol": {
                            "attributes": {
                                "adminSt": "enabled", 
                                "childAction": "deleteNonPresent", 
                                "descr": "", 
                                "extMngdBy": "", 
                                "lcOwn": "local", 
                                "modTs": "2018-01-17T09:45:05.902+01:00", 
                                "monPolDn": "", 
                                "name": "cdp_on2", 
                                "nameAlias": "", 
                                "ownerKey": "", 
                                "ownerTag": "", 
                                "rn": "cdpIfP-cdp_on2", 
                                "status": "", 
                                "uid": "17805"
                            }
                        }
                    }
                ]
            }
        }
    ], 
    "invocation": {
        "module_args": {
            "content": "<infraInfra>\n  <cdpIfPol adminSt=\"enabled\"  name=\"cdp_on2\" />\n</infraInfra>\n", 
            "host": "apic.ddsdnlab.at", 
            "hostname": "apic.ddsdnlab.at", 
            "method": "post", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "path": "api/node/mo/uni/infra.xml?rsp-subtree=modified", 
            "protocol": "https", 
            "src": null, 
            "timeout": 30, 
            "use_proxy": true, 
            "use_ssl": true, 
            "username": "ansible", 
            "validate_certs": false
        }
    }, 
    "item": {
        "name": "cdp_on2", 
        "state": "enabled"
    }, 
    "response": "OK (544 bytes)", 
    "status": 200, 
    "totalCount": "1", 
    "url": "https://apic.ddsdnlab.at/api/node/mo/uni/infra.xml?rsp-subtree=modified"
}

On the other hand the second playbook runs as expected as returned data from APIC contains (status='modified'):

changed: [localhost] => (item={u'state': u'enabled', u'name': u'cdp_on'}) => {
    "changed": true, 
    "error_code": 0, 
    "error_text": "Success", 
    "imdata": [
        {
            "cdpIfPol": {
                "attributes": {
                    "adminSt": "enabled", 
                    "childAction": "deleteNonPresent", 
                    "descr": "CDP set to enabled", 
                    "dn": "uni/infra/cdpIfP-cdp_on", 
                    "extMngdBy": "", 
                    "lcOwn": "local", 
                    "modTs": "2018-01-18T05:26:34.072+01:00", 
                    "monPolDn": "uni/fabric/monfab-default", 
                    "name": "cdp_on", 
                    "nameAlias": "", 
                    "ownerKey": "", 
                    "ownerTag": "", 
                    "rn": "", 
                    "status": "modified", 
                    "uid": "15374"
                }
            }
        }
    ], 
    "invocation": {
        "module_args": {
            "content": "<cdpIfPol adminSt=\"enabled\"  name=\"cdp_on\" descr=\"CDP set to enabled\"/>\n", 
            "host": "apic.ddsdnlab.at", 
            "hostname": "apic.ddsdnlab.at", 
            "method": "post", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "path": "api/node/mo/uni/infra/.xml?rsp-subtree=modified", 
            "protocol": "https", 
            "src": null, 
            "timeout": 30, 
            "use_proxy": true, 
            "use_ssl": true, 
            "username": "ansible", 
            "validate_certs": false
        }
    }, 
    "item": {
        "name": "cdp_on", 
        "state": "enabled"
    }, 
    "response": "OK (375 bytes)", 
    "status": 200, 
    "totalCount": "1", 
    "url": "https://apic.ddsdnlab.at/api/node/mo/uni/infra/.xml?rsp-subtree=modified"
}

Given this (weired?) behavior of APIC (I confirmed this behavior is the same on APIC versions 3.0, 3.1 and 2.1), I think the current implementation of aci_changed() might be insufficient.
@aciguru aciguru added bug Something isn't working duplicate This issue or pull request already exists aci labels Apr 14, 2020
@aciguru aciguru mentioned this issue Apr 14, 2020
Closed
@aciguru
Copy link
Contributor Author

aciguru commented Apr 14, 2020

ansible/ansible#35041

@lhercot lhercot removed their assignment Jun 11, 2020
@lhercot lhercot removed aci duplicate This issue or pull request already exists labels Jun 18, 2020
@lhercot lhercot added this to the 1.0.1 milestone Aug 19, 2020
@lhercot lhercot removed this from the 1.0.1 milestone Oct 12, 2020
@JT252
Copy link
Contributor

JT252 commented Jun 5, 2022

Is this still an open issue?

@akinross akinross self-assigned this Mar 6, 2023
@samiib samiib added the jira-sync Sync this issue to Jira label Aug 14, 2024
@github-actions github-actions bot changed the title aci_rest: change not detected aci_rest: change not detected (DCNE-88) Aug 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@akinross akinross

Labels
bug Something isn't working jira-sync Sync this issue to Jira
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@lhercot @xinyuezhao @nkatarmal-crest @akinross @aciguru @JT252 @samiib